OpenDNSSEC-libhsm 1.3.0rc3
|
00001 /* 00002 * $Id: hsmtest.c 5227 2011-06-12 08:51:24Z jakob $ 00003 * 00004 * Copyright (c) 2009 Nominet UK. 00005 * All rights reserved. 00006 * 00007 * Redistribution and use in source and binary forms, with or without 00008 * modification, are permitted provided that the following conditions 00009 * are met: 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 00016 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 00017 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 00018 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 00019 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 00020 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 00021 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 00022 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 00023 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 00024 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 00025 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 00026 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00027 */ 00028 00029 #include "config.h" 00030 #include "hsmtest.h" 00031 00032 #include <stdio.h> 00033 #include <string.h> 00034 #include <stdlib.h> 00035 #include <unistd.h> 00036 00037 #include <libhsm.h> 00038 #include <libhsmdns.h> 00039 00040 00041 static int 00042 hsm_test_sign (hsm_ctx_t *ctx, hsm_key_t *key, ldns_algorithm alg) 00043 { 00044 int result; 00045 ldns_rr_list *rrset; 00046 ldns_rr *rr, *sig, *dnskey_rr; 00047 ldns_status status; 00048 hsm_sign_params_t *sign_params; 00049 00050 rrset = ldns_rr_list_new(); 00051 00052 status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.1", 0, NULL, NULL); 00053 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); 00054 00055 status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.2", 0, NULL, NULL); 00056 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); 00057 00058 sign_params = hsm_sign_params_new(); 00059 sign_params->algorithm = alg; 00060 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "example.com."); 00061 dnskey_rr = hsm_get_dnskey(ctx, key, sign_params); 00062 sign_params->keytag = ldns_calc_keytag(dnskey_rr); 00063 00064 sig = hsm_sign_rrset(ctx, rrset, key, sign_params); 00065 if (sig) { 00066 result = 0; 00067 ldns_rr_free(sig); 00068 } else { 00069 result = 1; 00070 } 00071 00072 ldns_rr_list_deep_free(rrset); 00073 hsm_sign_params_free(sign_params); 00074 ldns_rr_free(dnskey_rr); 00075 00076 return result; 00077 } 00078 00079 static int 00080 hsm_test_random() 00081 { 00082 hsm_ctx_t *ctx = NULL; 00083 00084 int result; 00085 unsigned char rnd_buf[1024]; 00086 uint32_t r32; 00087 uint64_t r64; 00088 00089 printf("Generating %lu bytes of random data... ", 00090 (unsigned long) sizeof(rnd_buf)); 00091 result = hsm_random_buffer(ctx, rnd_buf, sizeof(rnd_buf)); 00092 if (result) { 00093 printf("Failed, error: %d\n", result); 00094 hsm_print_error(ctx); 00095 return 1; 00096 } else { 00097 printf("OK\n"); 00098 } 00099 00100 printf("Generating 32-bit random data... "); 00101 r32 = hsm_random32(ctx); 00102 printf("%u\n", r32); 00103 00104 printf("Generating 64-bit random data... "); 00105 r64 = hsm_random64(ctx); 00106 printf("%llu\n", r64); 00107 00108 return 0; 00109 } 00110 00111 int 00112 hsm_test (const char *repository) 00113 { 00114 int result; 00115 const unsigned int keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 }; 00116 unsigned int keysize; 00117 00118 hsm_ctx_t *ctx = NULL; 00119 hsm_key_t *key = NULL; 00120 char *id; 00121 int errors = 0; 00122 unsigned int i = 0; 00123 00124 /* Check for repository before starting any tests */ 00125 if (hsm_token_attached(ctx, repository) == 0) { 00126 hsm_print_error(ctx); 00127 return 1; 00128 } 00129 00130 /* 00131 * Test key generation, signing and deletion for a number of key size 00132 */ 00133 for (i=0; i<(sizeof(keysizes)/sizeof(unsigned int)); i++) { 00134 keysize = keysizes[i]; 00135 00136 printf("Generating %d-bit RSA key... ", keysize); 00137 key = hsm_generate_rsa_key(ctx, repository, keysize); 00138 if (!key) { 00139 errors++; 00140 printf("Failed\n"); 00141 hsm_print_error(ctx); 00142 printf("\n"); 00143 continue; 00144 } else { 00145 printf("OK\n"); 00146 } 00147 00148 printf("Extracting key identifier... "); 00149 id = hsm_get_key_id(ctx, key); 00150 if (!id) { 00151 errors++; 00152 printf("Failed\n"); 00153 hsm_print_error(ctx); 00154 printf("\n"); 00155 } else { 00156 printf("OK, %s\n", id); 00157 } 00158 free(id); 00159 00160 printf("Signing (RSA/SHA1) with key... "); 00161 result = hsm_test_sign(ctx, key, LDNS_RSASHA1); 00162 if (result) { 00163 errors++; 00164 printf("Failed, error: %d\n", result); 00165 hsm_print_error(ctx); 00166 } else { 00167 printf("OK\n"); 00168 } 00169 00170 printf("Signing (RSA/SHA256) with key... "); 00171 result = hsm_test_sign(ctx, key, LDNS_RSASHA256); 00172 if (result) { 00173 errors++; 00174 printf("Failed, error: %d\n", result); 00175 hsm_print_error(ctx); 00176 } else { 00177 printf("OK\n"); 00178 } 00179 00180 if ( keysize >= 1024) { 00181 printf("Signing (RSA/SHA512) with key... "); 00182 result = hsm_test_sign(ctx, key, LDNS_RSASHA512); 00183 if (result) { 00184 errors++; 00185 printf("Failed, error: %d\n", result); 00186 hsm_print_error(ctx); 00187 } else { 00188 printf("OK\n"); 00189 } 00190 } 00191 00192 printf("Deleting key... "); 00193 result = hsm_remove_key(ctx, key); 00194 if (result) { 00195 errors++; 00196 printf("Failed: error: %d\n", result); 00197 hsm_print_error(ctx); 00198 } else { 00199 printf("OK\n"); 00200 } 00201 00202 free(key); 00203 00204 printf("\n"); 00205 } 00206 00207 if (hsm_test_random()) { 00208 errors++; 00209 } 00210 00211 return errors; 00212 }